India started legislation on Data Protection first with ITA 2000. Initially there was no distinction between protection of non personal data and personal data and ITA 2000 was considered the legislation for “Cyber Security”. At that time “Compliance” was related to “Compliance of ITA 2000” and the framework being used for the IISF 309 (Indian Information Security Framework developed by Naavi). Many were using the ISO 27001 framework also while IISF 309 focussed on the ITA 2000/8 compliance directly.
Subsequently during the 2008 amendments, sections such as Section 43A were added to the ITA 2000 and the demand for special compliance provisions related to Personal Data was addressed.
After the demand for more focussed “Privacy Protection” arose from the Supreme Court decisions on Aadhaar and later the Puttaswamy judgement and the recommendations of the Justice Srikrishna Committee, the thought of having a replacement law for Section 43A was mooted. Halfway down the PDPB 2019 draft was changed to DPA 2021 trying to bring at least the data breach notification of non personal data into the personal data legislation. This was discarded in the latest DPDPB 2022.
However, it cannot be denied that the life cycle of Personal Data includes its status as non personal data either before the identity parameters are tagged to the core personally identifiable data or after anonymization. Hence the protection of “Personal Data” cannot be too distanced from “Protection of Non Personal Data”. Many of the CISOs in fact do double up as DPOs though it is not recommended because DPO requires lot more legal knowledge than CISO.
FDPPI followed the demand arising from GDPR and started its activity focussing more on protection of personal data. Naavi as a person came from the non personal data protection specialization and included personal data protection into his portfolio. Cyber Law College which is the training partner of FDPPI and which is the pioneering virtual education institution in India was conducting Cyber Law Courses and added Data Protection Courses to its portfolio.
Presently a need has arisen whereby DPOs and Privacy Managers should also have adequate exposure to ITA 2000 and the consequent legal issues which directly influence the Information Security obligations. Just as non compliance of DPDPB 2022 may result in administrative fines, non compliance of ITA 2000 may result in penalties and even imprisonment of corporate officials. Hence knowing ITA 2000 is necessary for Corporate employees aspiring to be Data Protection Professionals.
Very shortly, Government of India is coming up with a new law called Digital India Act to replace ITA 2000/8 and it will include several issues related to handling of personal data also.
It has therefore been decided that FDPPI will also provide the umbrella certification for ITA 2000 or DIA courses as we go forward.
Since Cyber Law College had contemplated a course on DIA almost together with FDPPI-DNV program on Personal Data Protection, a one day special offer has been provided applicable only for today as an Early Bird Incentive where by, a subscription of the FDPPI-DNV program (Rs 35000/- upto May 31st midnight) along with the Course on Cyber Laws would be available at Rs 41000/- with a Cash payback of Rs 1000/- in the form of PayTM/Amazon vouchers and also free copies of Naavi’s E book on ITA 2000.
Further the Certificate of the Cyber Law Course will also be endorsed under the umbrella of FDPPI and a separate category will be opened in the Indian National Register of Data Protection Professionals for Cyber Law Professionals.
Those interested may avail of this benefit.
The links for registration is available below with more information:
Link for Data Protection Course:
Link for Cyber Law Course:
Last Day for Early Bird Discount is 31st May 2023